
Blog: New NIST Guidelines Offer Starting Point for Cybersecurity

Thought Process: This blog was meant to inform potential clients about new
NIST guidelines and how they might affect them. I interviewed our Sr. Security
Engineer and Chief Information Security Officer to find key issues and
recommendations that could be easily digested and understood.

Mainly provided thought leadership while plugging a Ransomware Gap
Assessment as well.

Included SEO keywords on IT security and NIST, as well as backlinks and
internal links.

Article:

The National Institute of Standards and Technology (NIST) has issued a final
update of its guidance to organizations assessing their internal IT security
systems.

The NIST “Assessing Security and Privacy Controls in Information Systems and
Organizations” document advocates an assessment-and-procedures approach
that gives guidance on which areas of the compute and network
infrastructure to examine for security issues.

Some of the guidelines include improving organizational assessments of
current cybersecurity infrastructure, promoting better cybersecurity
awareness among users, enabling cost-effective security assessment
procedures and privacy controls, and creating reliable security information
for executives.

NIST’s assessment guidelines are comprehensive, but the approach is a
potential problem in that it is too reliant on self-assessments without a
requirement for an external validation to ensure completeness. Cybersecurity
experts say that relying solely on these assessments is too much like “letting
students write their own exam,” which could impact the integrity of the
answers and invite shortcuts.

The rigorousness of the self-assessment is critical to the successful use of the
NIST approach. For example, the TorchLight Ransomware Gap Assessment
(RGA) is based on the NIST approach, but the assessment is done by a team
of professionals who will return an assessment that is comprehensive.

This need for completeness shows up in the asset inventory – the list of
devices and systems that make up a company’s threat landscape. This has
always been a foundation for establishing a strong cybersecurity response and
needs to be done comprehensively to be effective. Companies without a firm
grasp of the assets at their disposal could face foundational gaps in their
security configuration and infrastructure.

Adding controls to the self-assessment, similar to how US Federal
government agencies work, can add checks to the process that can be
beneficial. I think that audits are important for businesses, leading teams to
defer policies and procedures.

My general recommendations for companies that are interested in taking
charge of their security situation using NIST assessments include:

• An assessment approach that involves technically adept personnel
who are outside the CIO office/IT department to give a fresh look at the
infrastructure.
• A strong asset model with a good understanding of inventory.
• A configured change management system that covers all infrastructure –
hardware, software, and cloud. This database needs to be updated with
every device addition, change or software update.
• Consistent audits by auditors that do not face retribution or can be
validated by second parties – leading to a “trust, but verify” scenario.
• Updated, well-developed topologies to guard endpoints and IoT from
problems like ransomware.

Trust- and risk-based concerns about third-party monitoring are real, and
are an issue that TorchLight continues to work on with its clients. Still, sharing
the responsibility and duties of implementing the NIST guidelines with a
security partner can help companies pursue the highest quality of security
infrastructure.

Blog: Financial Institutions and Ransomware


Thought Process: This blog was based off of market research and SME input.
Content isn’t a one-size-fits-all and I wanted to create pieces that were specific
to a certain industry. The focus of this article was giving real world examples
of the cost of not having proper cybersecurity measures in place.

For Monte Carlo, a similar industry specific article might give examples of lost
revenue due to data downtime and why that matters.

Article:

For financial institutions, strong cyber defenses are essential. Simply following
safety regulations, however, doesn’t mean institutions like banks, insurance, or
investment firms are immune from attacks. For many years, financial
institutions have been prime targets for cyber attacks (and especially
ransomware attacks). Get ahead of attackers and protect valuable assets
from impending ransomware attacks. Here are a few things that financial
institutions should know about ransomware – its current trends, targets, and
tactics.

Typical Attack Vectors for Financial Institutions

The potential for a high payout makes financial institutions prime targets for
ransomware attacks. The disproportionate number of attacks on financial
institutions rose even higher in 2021 – potentially due to the perceived
decrease in security with so much of the corporate workforce still working
from home. As a result, President Biden has made preventing cyber threats a
main feature of his presidential agenda.

White Rabbit Attack by FIN8 on Local U.S. Bank


When analyzing a recent attack on a U.S. bank, cyber analyst firm Trend Micro
noticed a new type of ransomware called White Rabbit. They believe a threat
actor called FIN8, which until recently had focused mostly on infiltration and
reconnaissance, could be behind the attack and thus expanding operations
into ransomware. White Rabbit uses a “pay-now-or-get-breached” scheme
in which data is exfiltrated before encryption, and threat actors then extort
victims to pay so that the stolen information is not published online. Often,
threat actors also threaten to send the information to supervisory bodies and
the media (for a double threat to privacy and reputation). What can you
learn from this? Complete and comprehensive coverage can help limit the
damage of stolen data or ransomware attacks.

CNA Insurance Attack

In March of 2021, the U.S. insurance firm CNA fell victim to a ransomware
attack that disrupted the firm’s employee and customer service. It impacted
corporate email and the systems and functionality of CNA’s website, leading
the insurance firm to pay the hackers $40 million to regain control. The
ransomware attack exposed the personal information (including names and
social security numbers) of thousands of employees, contractors, and
policyholders. It has prompted financial institutions and enterprises alike to
ensure that they have top-level protection not only for regulated customer
data, but also for employee data and internal systems.

How to Prepare for and Mitigate Attacks

For financial institutions, cyberattacks sometimes seem inevitable. However,
with the right preventative measures in place, the damage done can be
minimized. TorchLight can help protect your organization by:

• Understanding your business’ unique needs and integrating security
strategy into business strategy to make security a tool for business
progress.
• Helping to properly secure your networks, automating your backups
separate from primary systems and helping with employee awareness
and training.
• Training your staff on how to recognize potential threats and what to do
if a security breach occurs, and helping you implement a backup plan.

How can TorchLight help?

Contact us to learn what you can do to protect yourself from impending
cyber threats.

Blog: Why Zero Trust is Essential for Remote Work

Thought Process: Most all companies have shifted to a hybrid/remote work
model. Understanding this and creating a thought piece around that was the
goal in mind. I didn’t see a lot of companies addressing remote work and zero
trust, so I ran with the idea.

Article:

As more of the workforce went online during the pandemic, employee
credentials and other vulnerabilities became more exposed. The rise of zero
trust has helped businesses remain secure – even in remote working
environments. Here are a few things that you should know about zero trust for
your business and why it is essential for remaining cyber secure in both
hybrid and remote workspaces.

The Rise in Zero Trust

With the shift to remote work, the zero trust model became more widely
adopted across the cybersecurity landscape. Sensitive business resources
that were once solely offered in the office were now offered at home, altering
protection protocols. Zero trust strategies went from optional to critical
because of the control issues with a distributed workforce. A personal
network or coffee spot Wi-Fi could turn into the entry point for a malicious
actor infiltrating your organization’s networks through employee devices. As
workforce strategies are changing, more companies are realizing how
essential zero trust strategies are for their cybersecurity hygiene.

What Zero Trust Is Exactly

Zero trust allows your business to operate safely both within and outside of
your business’ secure network. Through zero trust, employees can receive
access to only the secure files and data they need to complete their work –
without compromising systems if there is a breach. Zero trust protects your
business with a continuous verification process, requiring employees to
re-obtain access at every entry point. Instead of using a standard password
protection, zero trust uses a combination of these three strategies to ensure
greater protection and privacy:

• Micro-segmentation of networks, which divides the data center into
different security groups
• Authentication of users, which identifies users that request access
• Verification of a secure network, which analyzes the design of a network
to verify it even as it constantly changes

Ways Zero Trust Helps Secure Remote Work

Zero trust helps secure all the endpoints and permissions with an additional
layer of verification, reducing the risk of both outside and internal threats to
your organization. Zero trust exemplifies a least privilege model where
employees only have access to what they need, eliminating the internal
threat of an employee harming the system. As remote work remains common
and gains popularity, organizations like yours should adopt zero trust
strategies to securely protect your business from possible internal and
external threats.

Conclusion

In conclusion, zero trust is more of a “mindset” than it is a network
architecture or model. The foundation of this mindset is that trust must be
validated (and re-validated, and then validated again) with verifiable
evidence, and this validation strategy applies to every change and
interaction with the network. Remember this: just because some activity or
user was “trusted” yesterday does not mean it should still be trusted today!
Validate it again and again, and make sure your evidence actually proves
what you think it proves.

How TorchLight Implements a Zero Trust Strategy

TorchLight approaches security by focusing on business cases and
evaluating risk. TorchLight completes an in-depth analysis of the business
case by determining why you need zero trust and what exactly you need it
to do for your business.

Contact TorchLight to accurately analyze your cybersecurity needs and see
what zero trust can do for your business.
